refactor: update keys function to use configparser for CA file retrieval

0729913a · Max Adamo · cfaf9e29 · 0729913a · 0729913a · 0729913a
Unverified Commit 0729913a authored 3 months ago by Max Adamo
--- a/wile_coyote/bin/anvil
+++ b/wile_coyote/bin/anvil
@@ -145,7 +145,6 @@ if __name__ == "__main__":
        log.handler(constants.GIVEUP, LOGFILE, True)
        sys_kit.coyote_exit(LOGFILE, START_TIMEDATE, 1)
-    ACME_PROVIDERS = wile_coyote.tools.ACME_PROVIDERS
    REDIS_HOST = wile_coyote.tools.REDIS_HOST
    REDIS_TOKEN = wile_coyote.tools.REDIS_TOKEN
    VAULT_HOST = wile_coyote.tools.VAULT_HOST
@@ -154,6 +153,8 @@ if __name__ == "__main__":
    CONSUL_LEADER, _, __ = wile_coyote.tools.consul_kit.get_leader(LOGFILE)
    MOUNT_POINTS_V1 = wile_coyote.tools.MOUNT_POINTS_V1
    MOUNT_POINTS_V2 = wile_coyote.tools.MOUNT_POINTS_V2
+    ACME_PROVIDERS = wile_coyote.tools.ACME_PROVIDERS
+    acme_providers_list = ACME_PROVIDERS.replace(' ', '').split(',')
    # keys define in .acme.ini
    REDIS_KEYS = wile_coyote.tools.REDIS_KEYS
@@ -163,11 +164,11 @@ if __name__ == "__main__":
    # prune certificates locally
    if PRUNE:
        if "all" in PRUNE:
-            prune = ACME_PROVIDERS
+            prune = acme_providers_list
        else:
            prune = PRUNE
        for prov in prune:
-            if prov not in ACME_PROVIDERS:
+            if prov not in acme_providers_list:
                log.handler(f"{prov} is not a valid provider", LOGFILE, True)
                log.handler(constants.GIVEUP, LOGFILE, True)
                sys_kit.coyote_exit(LOGFILE, START_TIMEDATE, 1)

--- a/wile_coyote/common/combine.py
+++ b/wile_coyote/common/combine.py
@@ -4,7 +4,7 @@ import os
 import wile_coyote.tools
-def keys(certpath, provider, keypath, outpath):
+def keys(cert_path, provider, key_path, outpath):
    """combine certificate, CA and private key"""
    if os.path.isdir("/etc/ssl/certs"):
        ssl_dir = "/etc/ssl/certs"
@@ -13,13 +13,12 @@ def keys(certpath, provider, keypath, outpath):
    else:
        raise NotImplementedError("OS not supported")
-    # providers and CAs are mapped in acme.ini
+    ca_file = wile_coyote.tools.PROVIDERS_CA[provider]
-    acme_providers = wile_coyote.tools.ACME_PROVIDERS
+    ca_path = os.path.join(ssl_dir, ca_file)
-    capath = os.path.join(ssl_dir, acme_providers[provider])
+    file_names = [cert_path, ca_path, key_path]
-    filenames = [certpath, capath, keypath]
    with open(outpath, "w", encoding="utf-8") as outfile:
-        for fname in filenames:
+        for fname in file_names:
            with open(fname, "r", encoding="utf-8") as infile:
                outfile.write(infile.read())
        outfile.close()
--- a/wile_coyote/tools/__init__.py
+++ b/wile_coyote/tools/__init__.py
@@ -21,7 +21,8 @@ for loader, module_name, is_pkg in pkgutil.walk_packages(__path__):
    CONSUL_SERVERS = config.get('acme', 'consul_servers')
    CONSUL_TOKEN = config.get('acme', 'consul_token')
    WEB_BASE = config.get('acme', 'web_base')
-    ACME_PROVIDERS = l_eval(config.get('acme', 'acme_providers'))
+    ACME_PROVIDERS = config.get('acme', 'acme_providers')
+    PROVIDERS_CA = l_eval(config.get('acme', 'providers_ca'))
    # these parameters only work in test
    if 'unit-test' not in config.sections():